Skip to main content

Dotnet Core MVC Cookie Login Sample From Scratch(Part 1)

Introduction:


In general ASP.NET Core applications(MVC, RazorPages, WebAPI, Blazor Server Side) use login libraries like ASP.NET Core Identity, IdentityServer4, OAuth 2.0, etc. But ASP.NET Core can simply implement login with using Cookie-Based Authentication without any login libraries.

ASP.NET Core Identity is a membership program that helps to create a login functionality. Its rich library with all default login functionalities, creating users, adding roles, password encryption, and support to social logins like Google, Facebook, Outlook, Twitter, etc.

IdentityServer4 Or OAuth 2.0 is the latest login technology. It also gives all login functionalities and support to social logins as well additionally Single Sign-On and Token-Based user login.

Cookie-Based Authentication is a default login mechanism provided by ASP.NET Core applications.
But user creation, adding roles need to be done manually which is not hard to do. In this approach, we don't get too many pre-build methods or functionality available like in the login library.

Create ASP.NET Core MVC Project:

Let us create a sample MVC application in ASP.NET Core 3.0 using VisualStudio 2019 latest version. Make sure to uncheck the authentication checkbox while selecting the MVC project template. Click to see steps for project creation.

Create User And Roles Tables:

Create a "User" table with following SQL-Query

  CREATE TABLE [dbo].[User]
  (
    [Id] INT NOT NULL PRIMARY KEY IDENTITY, 
    [FirstName] VARCHAR(500) NULL, 
    [LastName] VARCHAR(500) NULL, 
    [Email] VARCHAR(MAX) NOT NULL, 
    [Password] VARCHAR(MAX) NOT NULL, 
    [LastLoginTime] DATETIME NULL
  )

Create  a "Roles" table with following SQL-Query
CREATE TABLE [dbo].[Roles]
(
    [Id] INT NOT NULL PRIMARY KEY IDENTITY, 
    [RoleName] VARCHAR(500) NOT NULL
)

Create a "UserRoles" mapping table with following SQL-Query
CREATE TABLE [dbo].[UserRole]
(
    [Id] INT NOT NULL PRIMARY KEY IDENTITY, 
    [UserId] INT NOT NULL, 
    [RoleId] INT NOT NULL
)

CodeFirst With Existing DataBase:

To communicate with a database we implement the Code-First approach click here to know more.
In this approach, the database is represented by DbContext and tables are represented by Model Classes. 
Install below to packages that help in creating DbContext

Install-Package Microsoft.EntityFrameworkCore -Version 3.0.0
Install-Package Microsoft.EntityFrameworkCore.Relational -Version 3.0.0 

In the model, folder create files like 'User.cs', 'Roles.cs', 'UserRole.cs' which represent database tables

 User.cs:
  using System;

namespace CookieAuth.Web.Models
{
    public class User
    {
        public int Id { get; set; }
        public string FirstName { get; set; }
        public string LastName { get; set; }
        public string Email { get; set; }
        public string Password { get; set; }
        public DateTime? LastLoginTime { get; set; }
    }
}
Roles.cs:
namespace CookieAuth.Web.Models
{
    public class Roles
    {
        public int Id { get; set; }
        public string RoleName { get; set; }
    }
}
UserRole.cs:
namespace CookieAuth.Web.Models
{
    public class UserRole
    {
        public int Id { get; set; }
        public int UserId { get; set; }
        public int RoleId { get; set; }
    }
}
Now add new folder 'DAL', in that create a class name as 'UserContext.cs'.
UserContext.cs:
using CookieAuth.Web.Models;
using Microsoft.EntityFrameworkCore;

namespace CookieAuth.Web.DAL
{
    public class UserContext : DbContext
    {
        public UserContext(DbContextOptions context):base(context)
        {

        }

        public DbSet<User> User { get; set; }
        public DbSet<Roles> Roles { get; set; }
        public DbSet<UserRole> UserRole { get; set; }
        protected override void OnModelCreating(ModelBuilder modelBuilder)
        {
            modelBuilder.Entity<User>(entity =>
            {
                entity.ToTable("User");
            });

            modelBuilder.Entity<Roles>(entity =>
            {
                entity.ToTable("Roles");
            });

            modelBuilder.Entity<UserRole>(entity =>
            {
                entity.ToTable("UserRole");
            });
        }
    }
}

ConnectionString:

Add Database ConnectionString in 'appSettings.json'

Register Database Context:

Need to install below NuGet package to register DbContext with some SQL options
Install-Package Microsoft.EntityFrameworkCore.SqlServer -Version 3.0.0

Now we need to register our DbContext in 'Startup.cs' file, inside it we have a method 'ConfigureServices' to register any service throughout the application.

 services.AddDbContext<usercontext>(options =>
 {
   options.UseSqlServer(Configuration.GetConnectionString("SportsDbContext")); 
 });

Create An Account Controller:

This controller generally contains user action methods like 'Sign-up', 'Sign-in' and 'logout', etc. Now add a new controller and name it as 'AccountController.cs'.

Create UserViewModel For SignUp Form:

In the model, folder add filename as 'UserViewModel.cs', which is used user registration. Using 'System.ComponentModel.DataAnnotations' for ASP.NET Core MVC Model validation
Validation Attributes:
.[Required] mandatory filed 
.[Compare('otherPropertyName')] compare and check matches with other property

using System.ComponentModel.DataAnnotations;

namespace CookieAuth.Web.Models
{
    public class UserViewModel
    {
        [Required]
        public string FirstName { get; set; }
        [Required]
        public string LastName { get; set; }

        [Required]
        public string Email { get; set; }

        [Required]
        public string Password { get; set; }

        [Required]
        [Compare("Password")]
        public string ConfirmPassword { get; set; }
    }
}

Http Get SignUp Action:

To register user add 'SignUp' HttpGet action method in the'AccountController.cs'. This HttpGet action method navigate user to application registration form
AccountController.cs:

[Route("sign-up")]
[HttpGet]
public IActionResult SignUp()
{
  return View(new UserViewModel());
}

SignUp Form:

Now create 'sign-up.cshtml' file in 'Views/Accounts' folder. Add the following Html to design sign-up from.

@model CookieAuth.Web.Models.UserViewModel
@{
    ViewData["Title"] = "SignUp";
}

<h1>SignUp Form</h1>

<div class="row">
    <div class="col col-sm-12">
        <form action="/account/sign-up" method="post">
            <div class="form-group row">
                <div asp-validation-summary="ModelOnly" class="text-danger"></div>
                <label for="FirstName" class="col-sm-2 col-form-label">First Name</label>
                <div class="col-sm-10">
                    <input type="text" class="form-control" id="FirstName" name="FirstName" placeholder="Enter First Name" asp-for="FirstName" />
                    <span asp-validation-for="FirstName" class="text-danger"></span>
                </div>
            </div>
            <div class="form-group row">
                <label for="LastName" class="col-sm-2 col-form-label">Second Name</label>
                <div class="col-sm-10">
                    <input type="text" class="form-control" id="LastName" name="LastName" placeholder="Enter Last Name" asp-for="LastName" />
                    <span asp-validation-for="LastName" class="text-danger"></span>
                </div>
            </div>
            <div class="form-group row">
                <label for="Email" class="col-sm-2 col-form-label">Email</label>
                <div class="col-sm-10">
                    <input type="text" class="form-control" id="Email" name="Email" placeholder="Enter Email Address" asp-for="Email" />
                    <span asp-validation-for="Email" class="text-danger"></span>
                </div>
            </div>
            <div class="form-group row">
                <label for="Password" class="col-sm-2 col-form-label">Password</label>
                <div class="col-sm-10">
                    <input type="password" class="form-control" id="Password" name="Password" placeholder="Enter Passwor" asp-for="Password" />
                    <span asp-validation-for="Password" class="text-danger"></span>
                </div>
            </div>
            <div class="form-group row">
                <label for="ConfirmPassword" class="col-sm-2 col-form-label">Confirm Password</label>
                <div class="col-sm-10">
                    <input type="password" class="form-control" id="ConfirmPassword" name="ConfirmPassword" placeholder="Enter Confirm Password" asp-for="ConfirmPassword" />
                    <span asp-validation-for="ConfirmPassword" class="text-danger"></span>
                </div>
            </div>
            <div class="form-group row">
                <div class="col-sm-offset-2 col-sm-10">
                    <button type="submit" class="btn btn-primary">Register</button>
                </div>
            </div>
        </form>
    </div>
</div>
@section Scripts {
    @{await Html.RenderPartialAsync("_ValidationScriptsPartial");}
}
'UserViewModel' is used for model binding.
. 'asp-validation-for' MVC attributes for form model validation.
. 'asp-for' data binding to the form fields from the view-model.

Http Post SignUp Action Method To Add Users:

Now add an overloaded SignUp method in 'AccountController.cs', in this method we are going to add a new user. This action method takes care to verify MVC model validation, takes responsibility to have a unique email address in the database, and saving new users to the database.

Inject UserContext into AccountController using Constructor Injection:

private readonly UserContext _userContext;
public AccountController(UserContext userContext)
{
  _userContext = userContext;
}
SignUp Post Action: 
[Route("sign-up")]
[HttpPost]
public IActionResult SignUp(UserViewModel viewModel)
{
    if (ModelState.IsValid)
    {
        if(!_userContext.User.Any(_ => _.Email.ToLower() == viewModel.Email.ToLower()))
        {
            User newUser = new User
            {
                Email = viewModel.Email,
                FirstName = viewModel.FirstName,
                LastName = viewModel.LastName,
                Password = viewModel.Password
            };
            _userContext.User.Add(newUser);
            _userContext.SaveChanges();

            return Redirect("/login");
        }
    }
    return View(viewModel);
}
. 'HttpPost' accepts the post request
. 'Route' attribute matches the requested route.
. 'UserViewModel' MVC automatically inputs the data from the posted form to the inputting model
. 'ModelState' is a default property created by the controller, which helps to check and validate the request model.
. Linq extension method Any() queries the database to check if the email is already registered to avoid duplication user registration
. Map the values from 'UserViewModel' to 'User' model (Tabel Model), then using 'UserContext', saves the data to a database.
. After a user successfully registered, navigate to the login page (implemented in following steps)

 Note: Here I'm not encrypting password while saving to the database, you need to do encryption before saving to the database, to encrypt CSharp has a lot of encryption algorithms like 'SHA 512'. Never, ever save plain text password to the database.

Create LoginViewModel:

In 'Model' folder add a new class name as 'LoginViewModel' with 'Data Annotation' attributes for login form validation 
using System.ComponentModel.DataAnnotations;

namespace CookieAuth.Web.Models
{
    public class LoginViewModel
    {
        [Required]
        public string Email { get; set; }
        [Required]
        public string Password { get; set; }
        public bool IsPersistant { get; set; }
    }
}

Http Get Login Action Method:

To load the login form update the 'AccountController' with the login action method

[Route("login")]
[HttpGet]
public IActionResult Login()
{
   return View(new LoginViewModel());
}

Register Cookie And Authentication Middleware:

In 'Startup.cs' file register authentication cookie in the 'ConfigureServices' method.

services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie();
'CookieAuthenticationDefault' is provided by 'Microsoft.AspNetCore.Authentication.Cookies'.
'AuthenticationScheme' name is useful when there are multiple instances of cookie authentication supported by the application.

In 'Startup.cs' file configure authentication middleware in the 'Configure' method. From ASP.NET 3.0 endpoint routing was implemented, where most of the middleware should implement between 'app.UseRouting()' and 'app.UseEndpoints()' as below
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();

app.UseEndpoints(endpoints =>
{
    endpoints.MapControllerRoute(
          name: "default",
          pattern: "{controller=Home}/{action=Index}/{id?}");
    });

Login Form:

Now add 'Login.cshtml' in 'Views/Accounts' folder.

@model CookieAuth.Web.Models.LoginViewModel
@{
    ViewData["Title"] = "Login";
}

<h1>Login</h1>

<div class="row">
    <div class="col col-sm-6">
        <div asp-validation-summary="ModelOnly" class="text-danger"></div>
        <form action="/account/login" method="post">
            <div class="form-group row">
                <label for="Email" class="col-sm-2 col-form-label">Email</label>
                <div class="col-sm-10">
                    <input type="text" class="form-control" id="Email" name="Email" placeholder="Enter Email" />
                    <span asp-validation-for="Email" class="text-danger"></span>
                </div>
            </div>
            <div class="form-group row">
                <label for="Password" class="col-sm-2 col-form-label">Password</label>
                <div class="col-sm-10">
                    <input type="password" class="form-control" id="Password" name="Password" placeholder="Enter Password" />
                    <span asp-validation-for="Password"></span>
                </div>
            </div>
            <div class="form-group row">
                <div class="col-sm-offset-2 col-sm-10">
                    <button type="submit" class="btn btn-primary">Login</button>
                </div>
            </div>
        </form>
    </div>
</div>
@section Scripts {
    @{await Html.RenderPartialAsync("_ValidationScriptsPartial");}
}
. 'LoginViewModel' is the data binding object of this MVC view
. 'asp-validation-for' attribute to display the model validation error message

Http Post Login Action Method (User Login Method):

Now add user login logic in the login post action method in 'AccountController.cs'

[Route("login")]
[HttpPost]
public async Task<IActionResult> Login(LoginViewModel viewModel)
{
 if (ModelState.IsValid)
 {
  // note : real time we save password with encryption into the database
  // so to check that viewModel.Password also need to encrypt with same algorithm 
  // and then that encrypted password value need compare with database password value
  Models.User user = _userContext.User.Where(_ => _.Email.ToLower() == viewModel.Email.ToLower() && _.Password == viewModel.Password).FirstOrDefault();
  if(user != null)
  {
   user.LastLoginTime = DateTime.Now;
   _userContext.SaveChanges();
   var claims = new List<Claim>
    {
     new Claim(ClaimTypes.Name, user.Email),
     new Claim("FirstName",user.FirstName)
    };
   var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
   var authProperties = new AuthenticationProperties() { IsPersistent = viewModel.IsPersistant };
   await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(claimsIdentity), authProperties);
   return Redirect("/");
  }
  else
  {
   ModelState.AddModelError("InvalidCredentials", "Either username or password is not correct");
  }
 }
 return View(viewModel);
}
'HttpPost' attribute represents the post-action MVC page, which expects data from the client browser.
. 'Route' represents the route of the page, this type of router configuration is called 'Attribute Routing'.
. If the user tries to login with invalid credentials, we can add custom error to the model by using 'ModelState.AddModelError()'. This message will be displayed to the user
. If the user exists, update the 'LastLoginTime' and save it to the database. This field represents how frequently user login to the application.
. Claims contain a minimum amount of information, which used to identify the user on login. Claims can store user roles and permissions as well.
. 'ClaimsIdentity(IEnumerable claims, string authenticationType)' instantiate claims identity with one of the overloaded constructors which accept all our user login claim collection and authentication schema type like 'CookieAuthenticationDefaults.AuthenticationScheme'.
. 'Microsoft.AspNetCore.AuthenticationSignInAsync(this HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties).' this method makes the user to login to the application. SignInAsync() is an overloaded method with accepts 'authentication scheme', 'user claims' and 'authentication settings.
. 'SignAsync()' method creates the authentication cookie and it needs to be given to the client(browser). So always reload the page after login so that authentication cookie gets available to the client and it will be sent to the server for every next request. Here in this sample after login, I'm redirecting to the home page.

Change Application Menu On User Authentication:

To get the authenticated user information into MVC views we need to inject the 'HttpContext' into the '_Layout.cshtml' page. Using @inject directive we can inject the 'HttpContext'. Dotnet Core provided an interface 'IHttpContextAccessor' to inject HttpContext

@using Microsoft.AspNetCore.Http
@inject IHttpContextAccessor _httpHttpContextAccessor;
Now add menu links like 'Sign-up', 'Login' show them conditionally based on user authentication. Below 'Privacy' menu link tag add the following Html in '_Layout.cshtml'
Here we are getting the user name that was added as a claim while the user login to the application.

SignOut Action Method:

Now in 'AccountController' add the sign-out method

[HttpGet]
[Route("sign-out")]
public async Task<IActionResult> SignOut()
{
 await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
 return Redirect("/");
}
. 'HttpContext.SignOutAsync()' removes the login cookie to sign-out the user. This method only expects a login schema name.

Now run the application and navigate to sign-up form to register.
Now open login form and try to login into the application
After login your page looks:

Summary:

Here we created a simple login application using Cookie-Based Authentication, without any login libraries. We have created users, roles tables, we have implemented sign-in and sign-out methods. Model form validation did with the help of Data Annotations. Using this login cookie we going to implement Authorization in MVC application. Click here to Role-base Authorization
😀

Refer:

Labels:

Comments

  1. SamJune 2, 2020 at 10:32 PM

    Hi, Thanks for the post, but when i followed it to the end. After running the application, it gave me this error.

    InvalidOperationException: No service for type 'Microsoft.AspNetCore.Http.IHttpContextAccessor' has been registered

    ReplyDelete
    Replies
    1. Naveen BommidiJune 2, 2020 at 10:48 PM

      Hi sam,
      need to register HttpContext, which i missed in article
      do as below:-
      public void ConfigureServices(IServiceCollection services)
      {

      services.AddHttpContextAccessor();
      // or use below both are same
      //services.TryAddSingleton();

      }

      Delete
    2. zetJune 20, 2022 at 7:51 PM

      how do i display the rolname of the logged in user in the Layout.cshtml,

      Delete
    3. Naveen BommidiJune 20, 2022 at 8:35 PM

      In article 'Change Application Menu On User Authentication' in this section check the image you can see i'm getting firstName role value , same way you can get what ever role value if you want

      Delete
    4. zetJune 23, 2022 at 4:00 PM

      i mean when i login as administrator,, using username zet and my password, then how do i write the code in my controller to display administrator in the _Layout.cshtml.
      In my _Layout.cshtml like:
      @_httpContextAccessor.HttpContext.User.Claims.FirstOrDefault(c => c.Type == "Rolename").Value

      then in my Login Action Like :
      new Claim("Rolename",user.What_Do_I_Put_Here?)
      the rolename does not display from the inteliscens when i press dot(.)

      Delete
  2. AnonymousJuly 14, 2022 at 2:42 PM

    thanks Naveen, but my authorization still not working, [Authorize(Roles="Administrator")] ,, Administrator is the role in my database, what could be the problem

    ReplyDelete

Post a Comment

Popular posts from this blog

Angular 14 Reactive Forms Example

In this article, we will explore the Angular(14) reactive forms with an example. Reactive Forms: Angular reactive forms support model-driven techniques to handle the form's input values. The reactive forms state is immutable, any form filed change creates a new state for the form. Reactive forms are built around observable streams, where form inputs and values are provided as streams of input values, which can be accessed synchronously. Some key notations that involve in reactive forms are like: FormControl - each input element in the form is 'FormControl'. The 'FormControl' tracks the value and validation status of form fields. FormGroup - Track the value and validate the state of the group of 'FormControl'. FormBuilder - Angular service which can be used to create the 'FormGroup' or FormControl instance quickly. Form Array - That can hold infinite form control, this helps to create dynamic forms. Create An Angular(14) Application: Let'
3 comments
Read more

.NET 7 Web API CRUD Using Entity Framework Core

In this article, we are going to implement a sample .NET 7 Web API CRUD using the Entity Framework Core. Web API: Web API is a framework for building HTTP services that can be accessed from any client like browser, mobile devices, and desktop apps. In simple terminology API(Application Programming Interface) means an interface module that contains programming functions that can be requested via HTTP calls either to fetch or update data for their respective clients. Some of the Key Characteristics of API: Supports HTTP verbs like 'GET', 'POST', 'PUT', 'DELETE', etc. Supports default responses like 'XML' and 'JSON'. Also can define custom responses. Supports self-hosting or individual hosting, so that all different kinds of apps can consume it. Authentication and Authorization are easy to implement. The ideal platform to build the REST full services. Install The SQL Server And SQL Management Studio: Let's install the SQL server on our l
3 comments
Read more

ReactJS(v18) JWT Authentication Using HTTP Only Cookie

In this article, we will implement the ReactJS application authentication using the HTTP-only cookie. HTTP Only Cookie: In a SPA(Single Page Application) Authentication JWT token either can be stored in browser 'LocalStorage' or in 'Cookie'. Storing the JWT token inside of the cookie then the cookie should be HTTP Only. The HTTP-ONly cookie nature is that it will be only accessible by the server application. Client apps like javascript-based apps can't access the HTTP-Only cookie. So if we use the authentication with HTTP-only JWT cookie then we no need to implement the custom logic like adding authorization header or storing token data, etc at our client application. Because once the user authenticated cookie will be automatically sent to the server by the browser on every API call. Authentication API: To authenticate our client application with JWT HTTP-only cookie, I developed a NetJS(which is a node) Mock API. Check the GitHub link and read the document on G
3 comments
Read more

.NET6 Web API CRUD Operation With Entity Framework Core

In this article, we are going to do a small demo on AspNetCore 6 Web API CRUD operations. What Is Web API: Web API is a framework for building HTTP services that can be accessed from any client like browser, mobile devices, desktop apps. In simple terminology API(Application Programming Interface) means an interface module that contains a programming function that can be requested via HTTP calls to save or fetch the data for their respective clients. Some of the key characteristics of API: Supports HTTP verbs like 'GET', 'POST', 'PUT', 'DELETE', etc. Supports default responses like 'XML' and 'JSON'. Also can define custom responses. Supports self-hosting or individual hosting, so that all different kinds of apps can consume it. Authentication and Authorization are easy to implement. The ideal platform to build REST full services. Create A .NET6 Web API Application: Let's create a .Net6 Web API sample application to accomplish our
6 comments
Read more

Angular 14 State Management CRUD Example With NgRx(14)

In this article, we are going to implement the Angular(14) state management CRUD example with NgRx(14) NgRx Store For State Management: In an angular application to share consistent data between multiple components, we use NgRx state management. Using NgRx state helps to avoid unwanted API calls, easy to maintain consistent data, etc. The main building blocks for the NgRx store are: Actions - NgRx actions represents event to trigger the reducers to save the data into the stores. Reducer - Reducer's pure function, which is used to create a new state on data change. Store - The store is the model or entity that holds the data. Selector - Selector to fetch the slices of data from the store to angular components. Effects - Effects deals with external network calls like API. The effect gets executed based the action performed Ngrx State Management flow: The angular component needs data for binding.  So angular component calls an action that is responsible for invoking the API call.  Aft
8 comments
Read more

Angular 14 Crud Example

In this article, we will implement CRUD operation in the Angular 14 application. Angular: Angular is a framework that can be used to build a single-page application. Angular applications are built with components that make our code simple and clean. Angular components compose of 3 files like TypeScript File(*.ts), Html File(*.html), CSS File(*.cs) Components typescript file and HTML file support 2-way binding which means data flow is bi-directional Component typescript file listens for all HTML events from the HTML file. Create Angular(14) Application: Let's create an Angular(14) application to begin our sample. Make sure to install the Angular CLI tool into our local machine because it provides easy CLI commands to play with the angular application. Command To Install Angular CLI npm install -g @angular/cli Run the below command to create the angular application. Command To Create Angular Application ng new name_of_your_app Note: While creating the app, you will see a noti
5 comments
Read more

Unit Testing Asp.NetCore Web API Using xUnit[.NET6]

In this article, we are going to write test cases to an Asp.NetCore Web API(.NET6) application using the xUnit. xUnit For .NET: The xUnit for .Net is a free, open-source, community-focused unit testing tool for .NET applications. By default .Net also provides a xUnit project template to implement test cases. Unit test cases build upon the 'AAA' formula that means 'Arrange', 'Act' and 'Assert' Arrange - Declaring variables, objects, instantiating mocks, etc. Act - Calling or invoking the method that needs to be tested. Assert - The assert ensures that code behaves as expected means yielding expected output. Create An API And Unit Test Projects: Let's create a .Net6 Web API and xUnit sample applications to accomplish our demo. We can use either Visual Studio 2022 or Visual Studio Code(using .NET CLI commands) to create any.Net6 application. For this demo, I'm using the 'Visual Studio Code'(using the .NET CLI command) editor. Create a fo
7 comments
Read more

Part-1 Angular JWT Authentication Using HTTP Only Cookie[Angular V13]

In this article, we are going to implement a sample angular application authentication using HTTP only cookie that contains a JWT token. HTTP Only JWT Cookie: In a SPA(Single Page Application) Authentication JWT token either can be stored in browser 'LocalStorage' or in 'Cookie'. Storing JWT token inside of the cookie then the cookie should be HTTP Only. The HTTP-Only cookie nature is that it will be only accessible by the server application. Client apps like javascript-based apps can't access the HTTP-Only cookie. So if we use authentication with HTTP only JWT cookie then we no need to implement custom logic like adding authorization header or storing token data, etc at our client application. Because once the user authenticated cookie will be automatically sent to the server by the browser on every API call. Authentication API: To implement JWT cookie authentication we need to set up an API. For that, I had created a mock authentication API(Using the NestJS Se
Post a Comment
Read more

ReactJS(v18) Authentication With JWT AccessToken And Refresh Token

In this article, we are going to do ReactJS(v18) application authentication using the JWT Access Token and Refresh Token. JSON Web Token(JWT): JSON Web Token is a digitally signed and secured token for user validation. The JWT is constructed with 3 important parts: Header Payload Signature Create ReactJS Application: Let's create a ReactJS application to accomplish our demo. npx create-react-app name-of-your-app Configure React Bootstrap Library: Let's install the React Bootstrap library npm install react-bootstrap bootstrap Now add the bootstrap CSS reference in 'index.js'. src/index.js: import 'bootstrap/dist/css/bootstrap.min.css' Create A React Component 'Layout': Let's add a React component like 'Layout' in 'components/shared' folders(new folders). src/components/shared/Layout.js: import Navbar from "react-bootstrap/Navbar"; import { Container } from "react-bootstrap"; import Nav from "react-boot
Post a Comment
Read more

A Small Guide On NestJS Queues

NestJS Application Queues helps to deal with application scaling and performance challenges. When To Use Queues?: API request that mostly involves in time taking operations like CPU bound operation, doing them synchronously which will result in thread blocking. So to avoid these issues, it is an appropriate way to make the CPU-bound operation separate background job.  In nestjs one of the best solutions for these kinds of tasks is to implement the Queues. For queueing mechanism in the nestjs application most recommended library is '@nestjs/bull'(Bull is nodejs queue library). The 'Bull' depends on Redis cache for data storage like a job. So in this queueing technique, we will create services like 'Producer' and 'Consumer'. The 'Producer' is used to push our jobs into the Redis stores. The consumer will read those jobs(eg: CPU Bound Operations) and process them. So by using this queues technique user requests processed very fastly because actually
8 comments
Read more